您现在的位置是:首页 >学无止境 >k8s证书过期网站首页学无止境
k8s证书过期
[root@master1 ~]# kubectl get nodes
Unable to connect to the server: x509: certificate has expired or is not yet valid: current time
1.master服务器:
# 备份 kubernetes配置
cp -r /etc/kubernetes /etc/kubernetes_bak
# 检测证书过期
kubeadm certs check-expiration
# 更新证书
kubeadm certs renew all
# 再次检测证书过期
kubeadm certs check-expiration
如果kubectl get node
error: You must be logged in to the server (Unauthorized)
sudo cp -i /etc/kubernetes/admin.conf $HOME/.kube/config
[root@master1 ~]# kubectl get node
NAME STATUS ROLES AGE VERSION
master1 Ready control-plane,master 2y10d v1.20.1
node1 Ready <none> 2y10d v1.20.1
node2 Ready <none> 2y10d v1.20.1
2.node1服务器:
[root@node1 ~]# kubectl get node
error: You must be logged in to the server (Unauthorized)
把master的/etc/kubernetes/admin.conf替换到node1节点下的/etc/kubernetes/admin.conf
[root@node1 kubernetes]# kubectl get node
NAME STATUS ROLES AGE VERSION
master1 Ready control-plane,master 2y10d v1.20.1
node1 Ready <none> 2y10d v1.20.1
node2 Ready <none> 2y10d v1.20.1
3.node2服务器:
[root@node2 ~]# kubectl get node
error: You must be logged in to the server (Unauthorized)
把master的/etc/kubernetes/admin.conf替换到node2节点下的/etc/kubernetes/admin.conf
[root@node2 kubernetes]# kubectl get node
NAME STATUS ROLES AGE VERSION
master1 Ready control-plane,master 2y10d v1.20.1
node1 Ready <none> 2y10d v1.20.1
node2 Ready <none> 2y10d v1.20.1
4.kubectl replace --force -f /var/jenkins_home/yaml/console-manage-business.yaml
等kubectl pods节点都无法更新问题
到master服务器上
按照提示,查找kube-apiserver, kube-controller-manager, kube-scheduler and etcd服务的容器并重启:
docker ps | grep -E 'kube-apiserver|kube-controller-manager|kube-scheduler|etcd'
3:根据上一步查到的容器id重启docker容器: